possible remote buffer overflow in atftpd
Hello, There is possible remote buffer overflow in atftpd. It has to do with length of filename which client sends to atftpd server. If you send filename over 253 bytes, it crashes with segfault. When I attach to process with gdb I can see it trying to run instruction from EIP 0x41414141. That ca...
HP-UX 11.0 /usr/lbin/rwrite
Hi! There is a vulnerability in /usr/lbin/rwrite on HP-UX 11.0 other versions might be vulnerable too. /usr/lbin/rwrite is installed setuid to root by default. $ /usr/lbin/rwrite something perl -e 'print "A" x 14628' something Segmentation fault Solution : remove setuid bit until patch is...
Sendmail <= 8.12.8 prescan() BSD Remote Root Exploit
Exploit for linux platform in category remote exploits ==================================================== Sendmail include include include include include include include include int maxarch=1; struct arch char os; // The OS int pos; // The position of ebp in the stack, with the last byte being...
Sendmail 8.12.8 (BSD) - 'Prescan()' Remote Command Execution
/ Sendmail 8.12.8 prescan PROOF OF CONCEPT exploit by bysin This is to prove that the bug in sendmail 8.12.8 and below is vulnerable. On successful POC exploitation the program should crash with the following: Program received signal SIGSEGV, Segmentation fault. 0x5c5c5c5c in ?? / include include...
Sendmail 8.12.8 (BSD) - Prescan() Remote Command Execution
Sendmail 8.12.8 BSD - Prescan Remote Command Execution / Sendmail 8.12.8 prescan PROOF OF CONCEPT exploit by bysin This is to prove that the bug in sendmail 8.12.8 and below is vulnerable. On successful POC exploitation the program should crash with the following: Program received signal SIGSEGV,...
@(#)Mordred Labs advisory - Integer overflow in PHP socket_iovec_alloc() function
//@ Mordred Security Labs advisory Release date: March 25, 2003 Name: Integer overflow in PHP socket_iovec_alloc function Versions affected: 4.3.2 Conditions: PHP must be compiled with --enable-sockets option, which is turned off by default Risk: average Author: Sir Mordred [email protected] I...
XFree86 4.2 - 'XLOCALEDIR' Local Buffer Overflow (1)
// source: https://www.securityfocus.com/bid/7002/info Several XFree86 utilities may be prone to a buffer overflow condition. The vulnerability exists due to insufficient boundary checks performed by these utilities when referencing the XLOCALEDIR environment variable. A local attacker can exploi...
[argv] BitchX-353 Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Mon Feb 17 15:26:06 EST 2003 1. Topic: BitchX IRC Client 2. Relevant versions: Vulnerable: BitchX-75p3 BitchX-1.0c16 BitchX-1.0c19 BitchX-1.0c20cvs Not Vulnerable: BitchX-1.0c18 3. Problem description: A denial of service vulnerability exists in BitchX. Sending ...
HPUX Wall Buffer Overflow
Hi all, after looking to check if this had been reported before I couldn't find anything, so here's my two cents: HPUX /usr/sbin/wall Buffer Overflow. bash-2.04$ ls -las /usr/sbin/wall 40 -r-xr-sr-x 1 bin tty 20480 Nov 7 1997 /usr/sbin/wall Wall on HPUX works in the following way: echo "Something...
CVE-2003-0037
CVE-2003-0037 affects the noffle offline news server (versions
Melange Chat Server 1.10 - Remote Buffer Overflow
/ Proof of Concept for Melange Chat Server 1.10 a lame remote bof exploit by innerphobia 12/24/02 Credits go to: - iDefense Labs for the advisory - blink for discovering the bug - Irian for the shellcode With careful calculation it is possible to control even the EIP, not just one byte of EIP...
SAP database local root via symlink
This local attack upon SAP is based on sapdb-server-linux-32bit-i386-73029.tgz it is currently unknown if this affects other SAP flavors. elguapo@rh8 pgm$ pwd /usr/sapdb/depend/pgm elguapo@rh8 pgm$ ls -al lserver -rwsrwxr-x 1 root sapdb 15673 Oct 22 10:42 lserver Using ltrace we can see an attemp...
TracerouteNG - never ending story
Hi everyone, I want to provide some additional information about the recently discovered traceroute-ng flaw. I decided to disclose the details right now because I do not believe that the flaw is easily exploitable. 1 The vulnerability. The patch provided by vendors like SuSE is not sufficient. It...
Buffer-overflow vulnerability in Midnight Commander
Overview The mcedit component of some versions of Midnight Commander contains a buffer-overflow vulnerability. Description Midnight Commander is a file manager for open source operating systems, distributed under the GNU General Public License GPL. In version 4.5.1 of Midnight Commander, the mced...
New advisory + exploit from LByte
+- Limpid Byte Advisory 003---------------------------------+ | | | Program: 2fax | | Version: all =2.02 | | OS: Linux/Windows | | Bug: Buffer Overflow in -bpcx option | | Homepage: http://www.atbas.org | | | | Discovered by Crazy Einstein [email protected] | | |...
How to reproduce OpenSSH Overflow.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The R7 team did a little investigating into one of the OpenSSH vulnerabilities. The following are instructions on how to reproduce a segmentation violation in sshd v3.2.3p1: 0. Compile with PAM and S/KEY support. 1. Apply the following patch to the ss...
Another flaw in Apache?
Hello. While playing with the SetEnv directive with Apache, I noticed that httpd processes are dying with a signal 11 if the data stored in an environment variable was too long. I simply triggered the bug by creating a .htaccess file so a regular user can do it with : SetEnv DATELOCALE "..." The...
solaris 9 sparc rcp
hallo, freshly installed solaris 9 sparc. one more suid segfault: bash-2.05$ uname -a SunOS solaris9 5.9 Generic sun4u sparc SUNW,Ultra-510 bash-2.05$ ls -l /usr/sbin/static/rcp -r-sr-xr-x 1 root bin 787700 Apr 6 16:58 /usr/sbin/static/rcp bash-2.05$ /usr/sbin/static/rcp perl -e 'print "A" x 1000...
procmail heap overflow
hi, i found a heap overflow in procmail up until latest some time ago. flatline@intra:/usr/bin$ ls -la procmail -rwsr-xr-x 1 root mail 64344 Jun 3 2001 procmail flatline@intra:/usr/bin$ ./procmail perl -e 'print "A"x10240'=A procmail: Exceeded LINEBUF Segmentation fault flatline@intra:/usr/bin$ a...
Interbase 6.0 malloc() issues
====================================================================== Strategic Reconnaissance Team Security Advisory SRT2002-06-17-1043 Topic : Interbase 6.0-1 Date : June 17, 2002 Credit : KF dotslashatsnosoft.com Site : http://www.snosoft.com...